From owner-freebsd-stable  Thu Mar  2 23:49:16 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp7.atl.mindspring.net (smtp7.atl.mindspring.net [207.69.128.51])
	by hub.freebsd.org (Postfix) with ESMTP id 9F96837BE32
	for <freebsd-stable@freebsd.org>; Thu,  2 Mar 2000 23:49:12 -0800 (PST)
	(envelope-from mvh@ix.netcom.com)
Received: from netcom1.netcom.com (lai-ca3d-83.ix.netcom.com [209.110.243.83])
	by smtp7.atl.mindspring.net (8.9.3/8.8.5) with ESMTP id CAA00284
	for <freebsd-stable@freebsd.org>; Fri, 3 Mar 2000 02:48:49 -0500 (EST)
Received: by netcom1.netcom.com (Postfix, from userid 1000)
	id 1FF40A540C; Thu,  2 Mar 2000 23:48:08 -0800 (PST)
From: Mike Harding <mvh@ix.netcom.com>
To: freebsd-stable@freebsd.org
In-reply-to: <38BF10BF.86D1EA83@duwde.com.br> (message from Fabio Dias on Thu,
	02 Mar 2000 22:09:19 -0300)
Subject: Re: Password Length
References: <Pine.BSF.4.10.10003021939150.15588-100000@tetron02.tetronsoftware.com> <38BF10BF.86D1EA83@duwde.com.br>
Message-Id: <20000303074808.1FF40A540C@netcom1.netcom.com>
Date: Thu,  2 Mar 2000 23:48:08 -0800 (PST)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Which is a pet peeve of mine - if you upgrade your security, you get
far worse password security.  Is there a way to jam the passwords into
MD5 mode?  If not, couldn't a sysctl var or something in
/etc/make.conf do this?

- Mike H.

   Date: Thu, 02 Mar 2000 22:09:19 -0300
   From: Fabio Dias <duwde@duwde.com.br>
   X-Accept-Language: en
   Content-Type: text/plain; charset=us-ascii
   Sender: owner-freebsd-stable@FreeBSD.ORG
   X-Loop: FreeBSD.ORG
   Precedence: bulk
   X-RULES: lists

   Gene Harris wrote:

   Hi Gene.
   > I just noticed today that my passwords are only being checked to a length of 8
   > characters.  (By this I mean that I only have to type in the first 8
   > characters of the password.  YIKES!)  I have minpasswdlen set to 8 in my
   > login.conf file for the user profile.  I have studied the man chpass, man
   > passwd and man login.conf pages.  Is there a setting someplace that extends
   > the length of the password?  This was very unsettling to discover!
   Aren't you running crypt+DES ? I bet you are :)
   Passwords (without crypt+DES) can be up to_PASSWORD_LEN - 1 (NULL) ==
   127
   Indeed, when running crypt+DES, If I'm not wrong, what you've described
   is true.

   -- 
   /*
   Fabio Dias / Duwde <duwde@duwde.com.br>
   HP & PGP avaible at http://www.duwde.com.br
   PGP key (2048 Bits / KeyID 0x6A53EC31)      
   FP: BB35 50F2 7F83 655D  6B11 F0A2 F8E2 FF3D
   */


   To Unsubscribe: send mail to majordomo@FreeBSD.org
   with "unsubscribe freebsd-stable" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message